<?php
function kSecureLogin(){
	$query = "SELECT * FROM kse_admin_ip_tables WHERE kse_admin_ip_name='". $_SERVER['REMOTE_ADDR'] ."'";
	$result = mysql_query($query);
	if(mysql_num_rows($result) > 0){
		return true;
	}
	else{
		//echo $query;
		return false;
	}
}

function login_procedure(){
	$query = "SELECT * FROM ip_tables WHERE ip_name='". $_SERVER['REMOTE_ADDR'] ."'";
	$result = mysql_query($query);
	if(mysql_num_rows($result) > 0){//if user's PC is registered in system
		
		$row = mysql_fetch_array($result);
		$query = "SELECT control_user_name FROM control_users WHERE control_user_id=". $row["ip_user_id"];
		$result = mysql_query($query);
		$row = mysql_fetch_array($result);
		?>
		<form id="loginform" action="login.php" method="post" enctype="multipart/form-data">
			<label>Hello <?php echo $row["control_user_name"] ?></label>
			<input type="hidden" id="login" name="login" value="<?php echo $row["control_user_name"] ?>" />
			<br>
			<label for="password">Enter password</label><input class="box" id="password" name="password" type="password">
			<br>
			<label for="password">Remember me</label><input type="checkbox" id="remember" name="remember" value="true" />
			<input id="submitbutton" value="Login" type="submit">
		</form>
		<?php
	}
	else{//else registering user
		?>
		<form id="registerform" action="register.php" method="post" enctype="multipart/form-data">
			<label>Register new user</label>
			<br>
			<label for="login">Login</label><input class="box" id="login" name="login" type="text">		
			<br>
			<label for="password">Password</label><input class="box" id="password" name="password" type="password">
			<br>
			<input id="submitbutton" value="Register" type="submit">
		</form>
		<?php
	}
}


function login($login, $password, $remember = false, $hashable = true){
	if($hashable){
		$password = md5($password);
	}
	
	$query = "SELECT control_user_account_type_id FROM control_users WHERE control_user_password='". $password ."' AND control_user_name = '". $login ."'";
	$result = mysql_query($query);

	// If there are no matches then the username and password do not match
	if(mysql_num_rows($result) > 0){
		$u = mysql_fetch_array($result);
		// Check if user wants account to be saved in cookie
		if($remember){
			// Generate new auth key for each log in (so old auth key can not be used multiple times in case 
			// of cookie hijacking)
			$cookie_auth=  rand(1, 10) . $password;
			$auth_key = md5($cookie_auth);
			$query = "UPDATE control_users SET control_user_auth_key='". $auth_key ."' WHERE control_user_name='". $login ."'";
			$result = mysql_query($query);
			//setcookie("auth_key", $auth_key, time() + 60 * 60 * 24 * 1, "/", "example.com", false, true)
			setcookie("auth_key", $auth_key, (time() + 60 * 60 * 24), "/", DOMAIN, false, true);
		}
			
		//regenerate_session_id(true);
		$_SESSION["user_type"] = $u["control_user_account_type_id"];
		$_SESSION["user_name"] = $login;
		$_SESSION["user_lastactive"] = time();
	}
	else{
		echo "no pwd match";
	}
}

function initiate(){

	$query = "SELECT control_user_name, control_user_password FROM control_users WHERE control_user_auth_key='". $_COOKIE["auth_key"] ."' AND control_user_id = (SELECT ip_user_id FROM ip_tables WHERE ip_name='". $_SERVER['REMOTE_ADDR'] ."')";
	$result = mysql_query($query);
	
	if(mysql_num_rows($result) > 0){
		$u = mysql_fetch_array($result);
		login($u["control_user_name"],$u["control_user_password"], true, false);
	}
	else{
		setcookie("auth_key", "", time() - 3600, "/", DOMAIN);
	}
}

?>